5 Arrested in South Korea For Injecting Crypto Mining Malware in 6,000 PCs

Five men in South Korea were arrested on Thursday for illicitly injecting crypto mining malware into more than 6,000 computers.

Local police and the Korean National Police Agency Cyber Bureau said in an official statement that a group of five hackers led by a 24-year-old Kim Amu-gae released 32,435 emails containing cryptocurrency mining malware targeting desktop users in South Korea.

In a period of two months from October to December in 2017, the group of hackers sent messages containing malware to tens of thousands of job applicants, posing as employers.

Why People Had to Fall For it

According to the report of the Korean National Police Agency Cyber Bureau, the hackers obtained the email addresses of job applicants in large-scale conglomerates in the local technology sector.

On recruitment platforms and various job forums, the hackers gained more than 30,000 email addresses of individuals seeking for jobs and sent individual emails to all applicants impersonating recruitment agents and potential employers.

The group is suspected of sending emails that contained malware disguised as documents and files sent to individuals who filed their applications on recruitment platforms. As such, misled individuals clicked on the attached files or downloaded them believing that the documents were sent by companies, which immediately installed a cryptocurrency mining malware in the background.

Due to the presence of advanced anti-virus software, the majority of cryptocurrency mining malware installed in 6,000 computers were autonomously deleted within three to seven days.

Cybersecurity firms also initiated an investigation into the suspected mining scam, which allowed local security experts to diagnose and treat the rest of the computers affected by the malware.

“Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software,” local police said.

While the operation was carefully planned and successfully penetrated into over 6,000 actively utilized computers, the hackers were only able to generate $1,000 in profit in total.

“Crypto jacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on the society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware,” an investigation close to the case told Hani.

Growth in Hash Rate Had an Impact

As CCN reported on November 7, the global cryptocurrency mining market has experienced significant growth over the past eleven months despite rising breakeven costs of mining major cryptocurrencies.

While Monero can be mined using computers, the utilization of sophisticated GPUs and more powerful PC miners have made it more difficult for regular PCs to mine XMR with efficiency and practicality.